Texas AI Law
TRAIGA (HB 149)
Texas is the first US state with a comprehensive AI law. TRAIGA takes effect January 1, 2026 — here's what your business needs to do.
What is the Texas Responsible AI Governance Act?
The Texas Responsible AI Governance Act (TRAIGA), enacted as House Bill 149, is a comprehensive state law regulating the development and deployment of artificial intelligence systems in Texas. It spans Chapters 551-554 of the Texas Business and Commerce Code, with cross-references to the Texas Data Privacy and Security Act (TDPSA), the Capture or Use of Biometric Identifier Act (CUBI), and the Texas Government Code.
TRAIGA establishes applicability criteria, defines prohibited AI practices, creates disclosure duties for governmental agencies and healthcare providers, sets enforcement authority with the Texas Attorney General, provides a 60-day cure period, and creates a regulatory sandbox program under Chapter 553.
Key Facts
- Effective date: January 1, 2026
- Enforcement: Texas Attorney General (exclusive)
- Penalties: $10K-$12K curable, $80K-$200K uncurable
- Cure period: 60 days after AG notice
- Sandbox: Up to 36 months (Chapter 553)
- Private right of action: None
Does TRAIGA apply to you?
TRAIGA applies if your AI system meets the statutory definition and you have a Texas nexus. Three independent nexus tests — any one is sufficient.
Nexus Test 1
Tex. Bus. & Com. Code § 551.002
Nexus Test 2
Tex. Bus. & Com. Code § 551.002
Nexus Test 3
Tex. Bus. & Com. Code § 551.002
AI System Definition (§ 551.001)
TRAIGA defines an AI system as a machine-based system that, for explicit or implicit objectives, infers from the inputs it receives how to generate outputs that can influence physical or virtual environments. If your system does not meet this definition, TRAIGA may not apply.
Roles Under TRAIGA
Multiple roles may apply simultaneously. TRAIGA does not force a single role classification.
Prohibited AI Practices
TRAIGA prohibits specific AI practices. Each prohibition is tested independently using its exact statutory elements. Intent is central — disparate impact alone is insufficient.
Harmful Manipulation
Tex. Bus. & Com. Code § 552.052
Social Scoring (Government Only)
Tex. Bus. & Com. Code § 552.053
Constitutional Rights Impairment
Tex. Bus. & Com. Code § 552.055
Unlawful Discrimination
Tex. Bus. & Com. Code § 552.056
Sexual Content and Deepfakes
Tex. Bus. & Com. Code § 552.057
Disclosure Duties
TRAIGA creates mandatory disclosure obligations for governmental agencies and healthcare providers using AI systems.
Governmental Agencies
When a governmental agency offers an AI system intended to interact with consumers, disclosure is required before or at the time of interaction.
The disclosure must be:
- Clear and conspicuous
- In plain language
- Free of dark patterns or manipulative design
If a hyperlink is used, it must satisfy the clear and conspicuous standard.
Tex. Bus. & Com. Code § 552.051(b)-(e)
Healthcare Providers
When a licensed, registered, or certified healthcare provider uses AI in relation to a service or treatment, disclosure is required by the first date of service.
In an emergency, disclosure must be provided as soon as reasonably possible — not necessarily by the first date of service.
The provider must document the disclosure date and recipient.
Tex. Bus. & Com. Code § 552.051(f)
Biometric Data and CUBI
If your AI system captures, stores, processes, or possesses biometric identifiers, TRAIGA creates a cross-law routing to the Capture or Use of Biometric Identifier Act (CUBI).
A CUBI violation under Section 503.001 is also a Section 552.054 violation under TRAIGA. The statutory definitions differ:
CUBI (§ 503.001) — narrower
Retina/iris scan, fingerprint, voiceprint, hand/face geometry record. Notice and consent required before commercial capture. Destruction within one year of purpose expiration.
TRAIGA (§ 552.054) — broader
Broader biometric data definition for government biometric provisions. A CUBI violation automatically triggers a § 552.054 violation.
AI training exemption caveat: The CUBI AI-training exemption is lost when the AI is used or deployed to uniquely identify a specific individual. A later commercial use of previously non-commercial biometric data may reactivate CUBI duties.
Penalties and Enforcement
The Texas Attorney General has exclusive enforcement authority. There is no private right of action under TRAIGA.
| Violation Type | Penalty Range | Cure Available | Citation |
|---|---|---|---|
| Curable violations | $10,000 - $12,000 per violation | Yes — 60 days | § 552.105 |
| Uncurable violations (prohibited practices) | $80,000 - $200,000 per violation | No | § 552.105 |
| Undeployed systems | No penalty collection | N/A | § 552.105(f) |
Enforcement Process
- AG receives complaint or identifies potential violation
- AG issues civil investigative demand (CID) or complaint
- 60-day cure period begins (for curable violations)
- If cured: no action with required written statement and documentation
- If not cured: AG pursues civil penalty
The AG may request detailed system documentation including purpose, intended use, deployment context, data types, metrics, limitations, monitoring, and safeguards.
NIST AI RMF Defense Pathway
TRAIGA uniquely provides a defense pathway for organizations that adopt the NIST AI RMF or NIST Generative AI Profile.
Under Section 552.105(e)(2)(D), substantial compliance with the current NIST Generative AI Profile or another recognized framework can support the internal-review discovery pathway. This is a defense candidate, not a certification or safe harbor.
How the defense pathway works:
- Adopt NIST AI RMF or NIST GenAI Profile and version-pin the framework
- Conduct a qualifying internal review using the framework
- The internal review discovers an issue through feedback, red teaming, agency guidance, or qualifying internal review
- Preserve the internal review documentation that discovered the issue
- If all conditions are met, the defendant may avoid liability
Important: NIST mapping produces a DEFENSE_CANDIDATE, not certification or safe-harbor approval. The internal review that actually discovered the issue must be preserved. Third-party misuse may also support a defense under listed conditions.
Regulatory Sandbox
TRAIGA creates a regulatory sandbox program allowing participants to test AI systems under application-based approval.
The Chapter 553 sandbox program allows participants to test AI systems for up to 36 months under an application-based approval. Sandbox participants remain subject to non-waivable Chapter 552 Subchapter B prohibitions.
What the sandbox provides
- Testing window up to 36 months
- Application-based approval
- Quarterly reporting requirements
- Waiver of certain provisions
What the sandbox does NOT waive
- Prohibited practices (§ 552.052-.057)
- Disclosure duties (§ 552.051)
- Biometric restrictions (§ 552.054)
- AG enforcement authority
Companion Texas AI Laws
TRAIGA is part of a broader Texas AI legislative framework. These companion laws may apply alongside TRAIGA.
SB 1964 — Government AI Use
Tex. Gov. Code Ch. 2054
SB 1188 — Healthcare AI
Tex. Health & Safety Code Ch. 183
State Agency AI Inventory
Tex. Gov. Code §§ 325.011, 2054.068, 2054.0965
TDPSA (Chapter 541)
Tex. Bus. & Com. Code § 541.104
Texas AI Law Compliance Checklist
A practical checklist for preparing for TRAIGA compliance before the January 1, 2026 effective date.
Assess
Document
Implement
Monitor
Get the Texas AI Law Compliance Checklist
Free Texas AI Law Compliance Checklist
How Subodh KC Can Help
I co-founded HAIEC and built the TRAIGA compliance engine — a 9-section deterministic assessment wizard covering Chapters 551-554 of the Texas Business and Commerce Code.
TRAIGA Assessment
NIST AI RMF Implementation
Evidence Architecture
Based in Dallas, Texas. Contact Subodh KC for TRAIGA compliance advisory, or explore advisory services.
Frequently Asked Questions
What is the Texas AI law?
When does the Texas AI law take effect?
Who enforces the Texas AI law?
What are the penalties under the Texas AI law?
Does the Texas AI law apply to my company?
Is there a cure period under the Texas AI law?
Can NIST AI RMF compliance help under the Texas AI law?
Does the Texas AI law have a regulatory sandbox?
This guide is for informational purposes and does not constitute legal advice. For jurisdiction-specific compliance guidance, contact Subodh KC for advisory services. Last updated: July 2026. Legal version: TRAIGA-HAIEC-v3.0-ERRATA-1.